# Centralized CloudTrail for the XDR accounts: a short-lived local copy in
# CloudWatch Logs (7 days) plus the complete, long-lived copy delivered to an
# S3 bucket in C2. The trail itself is built by the vendored third-party module.
module "cloudtrail-logging" {
  source = "../../thirdparty/terraform-aws-cloudtrail-logging"

  region   = var.aws_region
  iam_path = "/aws_services/"

  # Trail identity and delivery targets. The bucket name carries the logging
  # environment so each environment lands in its own bucket; log objects are
  # encrypted with the CMK passed in via var.cloudtrail_key_arn.
  cloudtrail_name   = "xdr-centralized-cloudtrail"
  cloudtrail_bucket = "xdr-cloudtrail-logs-${local.logging_environment}"
  kms_key_id        = var.cloudtrail_key_arn
  log_group_name    = var.log_group_name

  # Retention of the *CloudWatch Logs* copy only, in days. Long-term retention
  # is governed by the lifecycle policy on the S3 bucket, not by this value.
  retention_in_days = 7

  # Data-event selectors. S3 object-level logging is deliberately left off:
  # each delivered log object is read by Splunk, and that read would itself be
  # logged, producing a feedback loop. It is also not a CIS requirement. To
  # enable it, uncomment the line below; when listing individual buckets,
  # end each ARN with a `/`.
  #s3_object_level_buckets = ["arn:${var.aws_partition}:s3:::"]
  # NOTE(review): the ARN below has no function suffix, so it presumably
  # selects every Lambda function in the partition - confirm against the
  # module's variable definition.
  lambda_functions = ["arn:${var.aws_partition}:lambda"]
}